Firewall or not


MedRxman

If one uses a wireless router (Linksys) which supposedly has a built-in
firewall, is it necessary to have another Firewall running?
 
MedRxman said:
If one uses a wireless router (Linksys) which supposedly has a built-in
firewall, is it necessary to have another Firewall running?


I'd say "Yes," others may disagree.

If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself (or
any "curious," over-confident teenagers in the home). Again -- and I
cannot emphasize this enough -- almost all spyware and many Trojans and
worms are downloaded and installed deliberately (albeit unknowingly) by
the user. So a software firewall, such as Sygate or ZoneAlarm, that can
detect and warn the user of unauthorized out-going traffic is an
important element of protecting one's privacy and security. (Remember:
Most anti-virus applications do not even scan for or protect you from
adware/spyware, because, after all, you've installed them yourself, so
you must want them there, right?)

I use both a router with NAT and ZoneAlarm Firewall, even though I
generally know better than to install scumware. When it comes to
computer security and protecting my privacy, I prefer the old "belt and
suspenders" approach. In the professional IT community, this is also
known as a "layered defense." Basically, it comes down to never, ever
"putting all of your eggs in one basket."


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
MedRxman said:
If one uses a wireless router (Linksys) which supposedly has a built-in firewall, is
it necessary to have another Firewall running?

IMHO especially when using a wireless router, yes. When using a third party
software firewall you can at the least be notified of traffic coming in or going out
and have the choice of allowing/denying it access. Although wireless is becoming
more secure, it's still easier to hack by anyone within a certain range with the
right tools and knowledge.


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
MedRxman said:
If one uses a wireless router (Linksys) which supposedly has a built-in
firewall, is it necessary to have another Firewall running?

Personally, yes!

The firewall in the router prevents incoming access *to* your machine.
It does nothing at all about *outgoing* access *from* your machine.

The purpose of a hardware firewall on the router is simply to block
access from the outside to any ports on your machine not specifically
opened on your end by a program that wants to talk to the net. If
something on your end initiates communication, the firewall will permit
it. (Depending on the router, you may also be able to do things like
turn off replies to ICMP packets [pings], so you don't appear to other
systems unless you initiate the communication.)

Third-party software firewalls will block not only outside connection
attempts, but can also be given a list of "trusted" applications on your
machine that are allowed to talk to the outside world, and will block
connection by anything *not* on that list. All such products that I've
tried install as a service. Once active, when you run a program that
tries to get to the internet, the firewall will detect it, pop up a
dialog box telling you the program wants to make a connection, and let
you choose "No, never", "Yes, but ask again next time", or "Yes,
always", and build a list of applications allowed to connect to the
outside world.

Some apps may be fine, but you just don't want them to get out. For
instance, Windows Media Player here wants to establish an Internet
connection every time it is run. I only use it for local content, and
have its access disabled in my firewall.

Some pieces of malware, viruses, and trojan horses will attempt to
disable your firewall and/or your A/V and connect to the outside world.
One of the tests currently applied to firewalls is "leak tests". Leak
tests start from the assumption you *have* been infected by something,
and test the ability of your firewall to block attempts to disable it or
bypass it.

Some third party firewalls add content filtering as an extra cost
"Premium" option, and attempt to filter incoming traffic to block such
things.

Personally, I don't consider content filtering and malware blocking the
firewall's job, and don't use firewalls that offer that. There are
other defenses against malware. I also don't take leak tests as the
main factor in evaluating a firewall. As mentioned, such things assume
you will be infected, and test whether the system can defend against the
effects. I find it preferable to simply not get infected to begin with.

I follow some simple rules:

1) I *don't* use IE as my browser. A lot of nasty stuff gets into the
system through security holes in IE. I prefer Firefox, which
deliberately does not support the Active-X controls that are the main
delivery mechanism.

2) I keep Windows fully patched, with Automatic Updates turned on to get
critical security patches when issued. (I've seen nasty problems on
other machines that would not have occurred if the machine was up to
date, as the bad stuff got in through a hole that had been patched but
the machine had not been updated with the patch.)

3) I run a good anti-virus package, with definition files updated
automatically.

4) I run a software firewall, as well as turning on the one in my
router. My preference is Sygate Personal Firewall, which is no longer
maintained or supported, but there are a number of choices, both free
and commercial.

5) I am fussy about where I go, what I do, and what I download and open.
Software downloads come from trusted sites, with a preference for free
and open source. I use GMail as my primary email account, and
attachments remain on Google's servers, unless I specifically choose to
download and open them, and I know what they are before I do that.

6) See Rule 1.

I haven't had a virus infection in years, and have *never* had a problem
with spyware/malware/Trojan horses, so I think I'm doing something right.
______
Dennis




--
"The strongest test of any system is not how well its features conform
to anticipated needs but how well it performs when one wants to do
something the designer did not foresee."

-- Alan Kay, Xerox PARC
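
The split described in the last reply, between a router that only filters unsolicited inbound traffic and a host firewall that keeps a per-program outbound list, shown as a small model. This is an added example, not part of any post in the thread; the classes, the program name `unknown.exe`, and the addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str            # "ip:port" of sender
    dst: str            # "ip:port" of receiver
    program: str = ""   # originating program; only the host can know this

class NatRouter:
    """Stateful router: anything may leave, only replies may come back."""
    def __init__(self):
        self.flows = set()              # (inside, outside) pairs opened from the LAN
    def outbound(self, pkt):
        self.flows.add((pkt.src, pkt.dst))   # no outbound policy: everything leaves
    def inbound(self, pkt):
        return (pkt.dst, pkt.src) in self.flows   # unsolicited traffic is dropped

class HostFirewall:
    """Per-program outbound rules with a prompt for unknown programs."""
    def __init__(self, rules, prompt):
        self.rules = dict(rules)        # program -> "allow" | "deny"
        self.prompt = prompt            # stands in for the pop-up dialog
    def outbound(self, pkt):
        verdict = self.rules.get(pkt.program)
        if verdict is None:
            answer = self.prompt(pkt.program)      # "always" | "once" | "never"
            verdict = "deny" if answer == "never" else "allow"
            if answer != "once":
                self.rules[pkt.program] = verdict  # remember the choice
        return verdict == "allow"

def send(pkt, router, host_fw=None):    # host firewall (if any) first, then router
    if host_fw is not None and not host_fw.outbound(pkt):
        return "blocked on host"
    router.outbound(pkt)
    return "sent"

def demo():
    pc, web, other = "192.168.1.10:50000", "198.51.100.7:443", "203.0.113.9:80"
    router = NatRouter()
    fw = HostFirewall({"firefox.exe": "allow", "wmplayer.exe": "deny"}, lambda program: "never")
    return {
        "unsolicited_in": router.inbound(Packet(other, pc)),
        "router_only_unknown_out": send(Packet(pc, other, "unknown.exe"), router),
        "reply_after_out": router.inbound(Packet(other, pc)),
        "fw_browser": send(Packet(pc, web, "firefox.exe"), router, fw),
        "fw_media_player": send(Packet(pc, web, "wmplayer.exe"), router, fw),
        "fw_unknown": send(Packet(pc, other, "unknown.exe"), router, fw),
        "remembered": fw.rules.get("unknown.exe"),
    }
```

`demo()` returns the verdict for each case: with the router alone, the unknown program's connection leaves and its reply is let back in, while the host firewall stops the same connection before it reaches the router.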
 